Thanks to visit codestin.com
Credit goes to Github.com

Skip to content

'docker push' send 'client hello' packet to insecure registry #1450

New issue
New issue
Open
Open
'docker push' send 'client hello' packet to insecure registry#1450
@xiaooloong

Description

@xiaooloong
xiaooloong
opened on Nov 19, 2025

Description

~ docker info
Client: Docker Engine - Community
 Version:    29.0.2
 Context:    colima
 Debug Mode: false

Server:
 Server Version: 28.4.0
 Storage Driver: overlayfs
  driver-type: io.containerd.snapshotter.v1
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 CDI spec directories:
  /etc/cdi
  /var/run/cdi
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 05044ec0a9a75232cad458027ca83437aae3f4da
 runc version: v1.2.5-0-g59923ef
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.8.0-64-generic
 Operating System: Ubuntu 24.04.2 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 1.919GiB
 Name: colima
 ID: 884ea862-03cb-4cd2-97bb-70d0f37aebe2
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: 192.168.5.2:8001
 HTTPS Proxy: 192.168.5.2:8001
 Experimental: false
 Insecure Registries:
  192.1.250.60:8083
  ::1/128
  127.0.0.0/8



~ docker push 192.1.250.60:8083/jetstack/cert-manager-acmesolver:v1.16.4
The push refers to repository [192.1.250.60:8083/jetstack/cert-manager-acmesolver]
38f4a9ccb8d6: Unavailable
......
d557676654e5: Unavailable
failed to do request: Post "https://192.1.250.60:8083/v2/jetstack/cert-manager-acmesolver/blobs/uploads/": http: server closed idle connection

tcpdump shows docker send 'client hello' pcakge to '192.1.250.60:8083' while this registry is configured as a plain http registry both in daemon.json of docker daemon and colima.yaml of colima.

Version

colima version 0.9.1
git commit: 0cbf719f5409ce04b9f0607b681c005d2ff7d94a

runtime: docker
arch: x86_64
client: v29.0.2
server: v28.4.0
limactl version 2.0.1
qemu-img version 10.1.2

Operating System

  • macOS Intel <= 13 (Ventura)
  • macOS Intel >= 14 (Sonoma)
  • Apple Silicon <= 13 (Ventura)
  • Apple Silicon >= 14 (Sonoma)
  • Linux

Output of colima status

colima status
INFO[0001] colima is running using macOS Virtualization.Framework
INFO[0001] arch: x86_64
INFO[0001] runtime: docker
INFO[0001] mountType: virtiofs
INFO[0001] docker socket: unix:///Users/user/.colima/default/docker.sock
INFO[0001] containerd socket: unix:///Users/user/.colima/default/containerd.sock

Reproduction Steps

  1. configure a insecure registry in colima.yaml
  2. (re)start colima
  3. docker tag a image to that http registry and push

Expected behaviour

No response

Additional context

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions